SBP issues cyber security guidelines

KARACHI: The State Bank of Pakistan has issued guidelines on prevention against cyber-attacks. Through these guidelines, the SBP has advised banks/ MFBs/ DFIS to continuously improve their cyber security controls and procedures so as to anticipate, withstand, detect, and respond to cyber-attacks.

SBP’s cyber security instructions provide guidelines in the areas of risk ownership and management responsibility; periodic evaluation and monitoring of cyber security controls; regular independent assessment and tests, and industry collaboration and contingency planning. The new instructions require the Board of Directors (BoD) of the institutions to regularly evaluate the adequacy of cyber security systems and action plans with regard to emerging cyber threats.

The senior management is required to ensure that an organisational plan of action for cyber security management exists in each institution and is regularly reviewed and updated for implementation. It may be noted here that cyber threats have become a global phenomenon and are continually growing in sophistication and impact, despite advances in cyber-security technologies and practices.

While the new technologies and their application in banking system have created new opportunities for the efficient and cost-effective delivery of services, these have also posed a number of new threats and risks. The banks/ DFIs/ MFBs are required to make necessary arrangements to comply with the instructions, latest by December 31, 2016.